MAL-2026-10051: Malicious code in chai-deflect (npm)
The npm package chai-deflect versions 1.1.5 and 1.1.6 contains malicious code that executes arbitrary code from a remote server. When required, it spawns a detached child process that fetches a payload from a remote HTTP endpoint. If the response is a 404 with a token field, the payload is executed dynamically, allowing remote code execution on any host importing the package. The package masquerades as a Chai assertion plugin but includes unrelated filler code and hides a secondary URL in base64 encoding. This behavior indicates a remote-loader dropper designed to execute attacker-controlled code.
AI Analysis
Technical Summary
The chai-deflect npm package versions 1.1.5 and 1.1.6 include malicious functionality where the top-level index.js calls launchDeflectBootstrap(), which detaches a child process running lib/caller.js. This child process performs an HTTP GET request to a remote server (http://server-genimi-check.vercel.app/defy/v3) with a bearer token header. If the server responds with an HTTP 404 containing a token field in the body, the body content is passed to a dynamically created function via new Function('require', <body>) and executed with the package's require function. This allows arbitrary remote code execution on any system importing the package. The package's lib directory contains filler code unrelated to its purported functionality, and a base64-encoded secondary URL is hidden as a constant, further indicating malicious intent. The use of plain HTTP, 404 masquerading for payload delivery, and dynamic code execution under the guise of a Chai plugin characterize this as a remote-loader dropper malware.
Potential Impact
Any system that installs and imports chai-deflect versions 1.1.5 or 1.1.6 is at risk of arbitrary remote code execution. This can lead to full compromise of the host environment, including unauthorized code execution, data theft, or further malware deployment. The malicious code executes silently and remotely, triggered by a response from an attacker-controlled server, making detection and prevention difficult without removing the package.
Mitigation Recommendations
No official patch or remediation is currently documented. Users should immediately remove chai-deflect versions 1.1.5 and 1.1.6 from their projects and dependency trees. Avoid installing or using this package. Monitor for any unexpected network connections or child processes spawned by development or build environments. Check vendor advisories or trusted security sources for updates or official fixes. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
MAL-2026-10051: Malicious code in chai-deflect (npm)
Description
The npm package chai-deflect versions 1.1.5 and 1.1.6 contains malicious code that executes arbitrary code from a remote server. When required, it spawns a detached child process that fetches a payload from a remote HTTP endpoint. If the response is a 404 with a token field, the payload is executed dynamically, allowing remote code execution on any host importing the package. The package masquerades as a Chai assertion plugin but includes unrelated filler code and hides a secondary URL in base64 encoding. This behavior indicates a remote-loader dropper designed to execute attacker-controlled code.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The chai-deflect npm package versions 1.1.5 and 1.1.6 include malicious functionality where the top-level index.js calls launchDeflectBootstrap(), which detaches a child process running lib/caller.js. This child process performs an HTTP GET request to a remote server (http://server-genimi-check.vercel.app/defy/v3) with a bearer token header. If the server responds with an HTTP 404 containing a token field in the body, the body content is passed to a dynamically created function via new Function('require', <body>) and executed with the package's require function. This allows arbitrary remote code execution on any system importing the package. The package's lib directory contains filler code unrelated to its purported functionality, and a base64-encoded secondary URL is hidden as a constant, further indicating malicious intent. The use of plain HTTP, 404 masquerading for payload delivery, and dynamic code execution under the guise of a Chai plugin characterize this as a remote-loader dropper malware.
Potential Impact
Any system that installs and imports chai-deflect versions 1.1.5 or 1.1.6 is at risk of arbitrary remote code execution. This can lead to full compromise of the host environment, including unauthorized code execution, data theft, or further malware deployment. The malicious code executes silently and remotely, triggered by a response from an attacker-controlled server, making detection and prevention difficult without removing the package.
Mitigation Recommendations
No official patch or remediation is currently documented. Users should immediately remove chai-deflect versions 1.1.5 and 1.1.6 from their projects and dependency trees. Avoid installing or using this package. Monitor for any unexpected network connections or child processes spawned by development or build environments. Check vendor advisories or trusted security sources for updates or official fixes. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-10051
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["npm"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a50ba9f68715ace43584ce3
Added to database: 07/10/2026, 09:25:51 UTC
Last enriched: 07/10/2026, 10:11:43 UTC
Last updated: 07/10/2026, 23:56:12 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.